Power User: Power User meets the nemesis at hacker meeting

I was pleased to be invited to speak last month at the SummerCon 2003 hacker convention in Pittsburgh, within IEEE 802.11 networking distance of both Pittsburgh and Carnegie Mellon universities.

SummerCon is mostly a venue for hackers, crackers, cops and system administrators to socialize and size each other up. Everybody was quite civilized, although more than one person paused to calculate the statute of limitations before boasting about some past exploit.

Special agent Tom Grasso of the Pittsburgh FBI field office led off the speakers, telling a little about how the FBI pursues cybercriminals. Grasso, the FBI liaison to Carnegie Mellon's CERT Coordination Center, is also a leader in the National Cyber-Forensics and Training Alliance, a joint partnership of law enforcement, academia and industry. Visit www.ncfta.net for more information about this fascinating new forensics field.

When I spoke about the Justice Department's repeated warnings that so-called honeypots'phony computer sites set up to attract hackers'could violate state and federal criminal statutes if not properly configured, it came as a surprise to some of the system administrators in the audience.

So I'll repeat myself in this space: Honeypots represent possible wiretap violations because they're intended to track all traffic. They could even violate the privacy rights of legitimate workers pursuing perfectly legal activities.

The latest twist, which I picked up from AusCERT, Australia's computer emergency response team, involves reverse engineering of malware. If a worm happens for some reason to be copyrighted, the reverse engineering could constitute a copyright violation.

As if the potential legal problems weren't enough to discourage antivirus vendors, Microsoft Corp. has just purchased a Romanian antivirus company, GeCAD Software. That's likely to cause drastic changes in the antivirus market over the next several years. Government managers, take note.

A great time was had by all, and no computers were permanently harmed. I heard talk of holding more SummerCons at the staid old University Club in Pittsburgh, making the event close enough for more attendees from the Washington area. The club's staff took everything in stride, including inevitable attempts to crash their wireless network.

John McCormick is a free-lance writer and computer consultant. E-mail him at powerusr@yahoo.com.
>